Your submission was sent successfully! Close

CVE-2014-9938

Published: 19 March 2017

contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
git
Launchpad, Ubuntu, Debian
precise Not vulnerable
(1:1.7.9.5-1ubuntu0.3)
trusty Does not exist
(trusty was released [1:1.9.1-1ubuntu0.4])
upstream
Released (1:2.0.0~rc2-1)
xenial Not vulnerable
(1:2.7.4-0ubuntu1)
yakkety Not vulnerable